#encryption #command-line #aes-gcm #chacha20poly1305 #blake3

bin+lib enc_file

Encrypt / decrypt files or calculate hash from the command line. Warning: Don’t use for anything important, use VeraCrypt or similar instead.

21 unstable releases (3 breaking)

✓ Uses Rust 2018 edition

new 0.3.3 Jul 10, 2020
0.3.1 Jun 29, 2020
0.1.1 Mar 12, 2020

#87 in Cryptography

Download history 16/week @ 2020-03-14 21/week @ 2020-03-21 8/week @ 2020-03-28 32/week @ 2020-04-04 48/week @ 2020-04-11 9/week @ 2020-04-18 1/week @ 2020-04-25 2/week @ 2020-05-02 25/week @ 2020-05-09 19/week @ 2020-05-16 18/week @ 2020-05-23 37/week @ 2020-05-30 26/week @ 2020-06-06 41/week @ 2020-06-13 50/week @ 2020-06-20 66/week @ 2020-06-27

116 downloads per month

MIT license

616 lines


Rust Crates.io Documentation Crates.io Crates.io

Encrypt / decrypt files or calculate the HASH from the command line. Written in Rust without use of unsafe code.

Uses XChaCha20Poly1305 (https://docs.rs/chacha20poly1305) or AES-256-GCM-SIV (https://docs.rs/aes-gcm-siv) for cryptography, bincode (https://docs.rs/bincode) for encoding and BLAKE3 (https://docs.rs/blake3) or SHA256 / SHA512 (https://docs.rs/sha2) for hashing.

XChaCha20Poly1305 and AES256-GCM-SIV offer higher protection against (accidental) nonce reuse as compared to ChaCha20Poly1305 oder AES-GCM.

Encrypted files are (and have to be) stored as .crpt.

Both encrypt and decrypt override existing files!

Panics at errors making safe execution impossible but functions mostly return results.

To install: clone the repository and build from source or use cargo install enc_file.

Warning: Don't use for anything important, use VeraCrypt or similar instead.

This crate hasn't been audited or reviewed in any sense. I created it to easily encrypt und decrypt non-important files which won't cause harm if known by third parties.


Main menu (if started without any command line arguments)

Please enter the corresponding number to continue:
1 Add new key
2 Remove key
3 Encrypt file using XChaCha20Poly1305
4 Decrypt file using XChaCha20Poly1305
5 Encrypt file using AES-256-GCM-SIV
6 Decrypt file using AES-256-GCM-SIV
7 Calculate Hash

Option to generate a new key.file provided at first run or if no keyfile is detected. Keyfile needs to reside in program directory.

Directly calculate hash

Use enc_file hash file_name to calculate BLAKE3-Hash, enc_file hash_sha256 file_name to calculate SHA256-Hash, enc_file hash_sha512 file_name to calculate SHA512-Hash.

Example: enc_file hash ./cargo.toml -> Hash(65c3342975adeb00ec05dcfab6ccb6af877d3f996957742ec6365541546812e4)

Breaking changes:

Breaking change in Version 0.3: Changed input of some functions. To encrypt/decrypt and hash use e.g. "encrypt_chacha(readfile(example.file).unwrap(), key).unwrap()". Change to keymap to conveniently work with several keys. You can import your old keys using "Add key" -> "manually".

Breaking change in Version 0.2: Using XChaCha20Poly1305 as default encryption/decryption. AES is still available using encrypt_aes or decrypt_aes to maintain backwards compability.


Encrypt/decrypt using XChaCha20Poly1305 and random nonce

use enc_file::{encrypt_chacha, decrypt_chacha};

let text = b"This is a test"; //Plaintext to encrypt
let key: &str = "an example very very secret key."; //Key will normally be chosen from keymap and provided to the encrypt_chacha() function
let text_vec = text.to_vec(); //Convert text to Vec<u8>

//Ciphertext stores the len() of encrypted content, the nonce and the actual ciphertext using bincode
let ciphertext = encrypt_chacha(text_vec, key).unwrap(); //encrypt vec<u8>, returns result(Vec<u8>)
//let ciphertext = encrypt_chacha(read_file(example.file).unwrap(), key).unwrap(); //read a file as Vec<u8> and then encrypt 
assert_ne!(&ciphertext, &text); //Check that plaintext != ciphertext

let plaintext = decrypt_chacha(ciphertext, key).unwrap(); //Decrypt ciphertext to plaintext
assert_eq!(format!("{:?}", text), format!("{:?}", plaintext)); //Check that text == plaintext

Calculate Blake3 Hash

use enc_file::{get_blake3_hash};

let test = b"Calculating the BLAKE3 Hash of this text";
let test_vec = test.to_vec(); //Convert text to Vec<u8>
let hash1 = get_blake3_hash(test_vec.clone()).unwrap();
let hash2 = get_blake3_hash(test_vec).unwrap();
assert_eq!(hash1, hash2); //Make sure hash1 == hash2
let test2 = b"Calculating the BLAKE3 Hash of this text."; //"." added at the end
let test2_vec = test2.to_vec();
let hash3 = get_blake3_hash(test2_vec).unwrap();
assert_ne!(hash1, hash3); //check that the added "." changes the hash

To do:

  • Add encrypted map on harddrive to use several keys
  • Add main menu to guide through the process
  • Enable command-line arguments to calculate hash
  • Add option to securely delete files
  • Perhaps: Enable command-line arguments for encrpytion/decryption

Issues and feedback are highly appreciated.


~75K SLoC